CVE-2026-6301
Published 2026-04-15
Severity: High, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome | < 147.0.7727.101 | 147.0.7727.101 | |
| chrome | >= 147.0.7727.101 < 147.0.7727.101 | 147.0.7727.101 | |
| chrome_chrome | — | — |
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-6301
vendor_chrome·2026-04-22·CVSS 8.8
CVE-2026-6301 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-6301
Stable Channel Update for ChromeOS / ChromeOS Flex
CVE-2026-6301
Red Hat
chromium-browser: Type Confusion in Turbofan
vendor_redhat·2026-04-15·CVSS 8.8
CVE-2026-6301 [HIGH] CWE-843 chromium-browser: Type Confusion in Turbofan
A type confusion flaw was found in the Turbofan component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=495273999
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Chrome
Stable Channel Update for Desktop: CVE-2026-6300
vendor_chrome·2026-04-15·CVSS 8.8
CVE-2026-6300 [HIGH] Stable Channel Update for Desktop: CVE-2026-6300
Stable Channel Update for Desktop
CVE-2026-6300: Use after free in CSS. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-12
[TBD][495273999] High CVE-2026-6301: Type Confusion in Turbofan. Reported by qymag1c on 2026-03-23
[TBD][495477995] High CVE-2026-6302: Use after free in Video
Severity: high
VulDB
Google Chrome up to 147.0.7727.55 Turbofan type confusion (ID 495273 / Nessus ID 307658)
vuldb·2026-04-28·CVSS 8.8
CVE-2026-6301 [HIGH] Google Chrome up to 147.0.7727.55 Turbofan type confusion (ID 495273 / Nessus ID 307658)
A vulnerability was found in Google Chrome. It has been rated as critical. This affects an unknown part of the component Turbofan. Performing a manipulation results in type confusion.
This vulnerability is reported as CVE-2026-6301. The attack is possible to be carried out remotely. No exploit exists.
Upgrading the affected component is advised.
GHSA
GHSA-5hwj-hjjc-gm39: Type Confusion in Turbofan in Google Chrome prior to 147
ghsa_unreviewed·2026-04-15
CVE-2026-6301 [HIGH] CWE-843 GHSA-5hwj-hjjc-gm39: Type Confusion in Turbofan in Google Chrome prior to 147
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-
bugzilla·2026-04-15·CVSS 9.6
CVE-2026-6296 [CRITICAL] CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-
CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-
bugzilla·2026-04-15·CVSS 9.6
CVE-2026-6296 [CRITICAL] CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-
CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [fedora-all]
Bugzilla
CVE-2026-6301 chromium-browser: Type Confusion in Turbofan
bugzilla·2026-04-15·CVSS 8.8
CVE-2026-6301 [HIGH] CVE-2026-6301 chromium-browser: Type Confusion in Turbofan
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Bugzilla
CVE-2026-32748 Squid: Squid: Denial of Service via crafted ICP traffic
bugzilla·2026-03-26·CVSS 8.7
CVE-2026-32748 [HIGH] CVE-2026-32748 Squid: Squid: Denial of Service via crafted ICP traffic
Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2026:6301 ht
Bugzilla
CVE-2026-33526 squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling
bugzilla·2026-03-26·CVSS 9.2
CVE-2026-33526 [CRITICAL] CVE-2026-33526 squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling
Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2026:6301 https://access.redhat.com/errata/RHSA-2026:630